Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 4 Nov 2008 16:13:15 -0500
From: Kvetch <kvetch@...il.com>
To: john-users@...ts.openwall.com
Subject: ntlm and lm hashes questions

I have a Windows hash output file that contains some lm hashes and
some ntlm hashes.  Not every user has an lm hash so I would like to
crack ntlm hashes when lm hashes are not present.  I applied the
ntlm-alainesp patch to John so I can crack ntlm hashes when need be.
>From what I can tell, if I don't specify the format John only attempts
the lm hashes.  Is this correct?  Is there a way to have it crack the
ntlm if no lm is present or will I need to run the processes
separately, once with the format=LM and then once with format=NT using
the cut field delimited method listed on the "uppercase only thread" -
http://www.openwall.com/lists/john-users/2006/07/08/2

I want to test via a wordlist first and after that is done try an
incremental against it.  If I want to try cracking the hashes against
a dictionary wordlist first, do I have to modify the john.conf rule to
be List:Rules:Wordlist or is specifying the -w:wordfile option enough?
 My john command seems to stop quickly right after I run the following
command

./john --session=test -w:/mydictfile myhashes
It says it loaded 17 password hashes with no different salts (LM DES
[128/128 BS SSE2])
*     (userC:2)
1     (userB:2)
3     (userA:2)
guesses: 3 time 0:00:00:01 100% c/s: 8122k trying: } TTDEEL - ~

Is my command incorrect, why is it stopping so soon?  Do I need to
change the conf to have the Rules:Wordlist and then run
./john --session=test -w:/mydictfile -rules myhashes
in order to perform a dictionary attack?

Thank you.

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.